Hi, El 25/08/15 a las 14:33, Raphael Hertzog escribió: > Hi, > > On Mon, 24 Aug 2015, Santiago Ruano Rincón wrote: > > The attached patch makes lts-cve-triage.py to check if already triaged > > issues have been tagged no-dsa in the next distribution. Do you think > > it's ok? May I push/commit the changes? > > I don't have a problem with your patch. But if we add something to > dla-needed.txt and we send a mail to maintainers telling then > that we want to fix an issue, and afterwards we end up tagging it > as no-dsa, I find this bad. > For the record, before tagging CVE-2015-5180 as no-dsa and sending the email to the eglibc maintainers, I searched for a previous related mail, but I didn't find any. > Thus it would be better if we fixed packages listed in dla-needed.txt > even if the security team tagged the same issues as no-dsa afterwards. > > What do you think? I don't know. Is the no-dsa tag aimed to prioritize tasks or to avoid to upload unworthy changes, especially on important packages? Anyway, I suppose that depends on the issue and the package. For simple fixes, I agree with you (and then, I'll upload the pending fixes in ruby1.8 and ruby1.9.1). Cheers, Santiago
Attachment:
signature.asc
Description: Digital signature